900 319 0030

Draft Personal Data Protection Bill 2018

iasparliament Logo
July 28, 2018

Why in news?

The draft personal data protection Bill 2018 was submitted by the Justice B.N. Srikrishna-headed expert panel.

What are the key provisions?

  • The draft takes into account three aspects in terms of data - the citizens, the state and the industry.
  • The draft bill notes that "the right to privacy is a fundamental right".
  • It thus makes it necessary to protect personal data as an essential facet of informational privacy.
  • Data - Critical personal data of Indian citizens should be processed in centres located within the country.
  • Central government will notify categories of personal data that will be considered as critical.
  • Other personal data may be transferred outside the territory of India with some conditions.
  • However, at least one copy of the data will need to be stored in India.
  • For data processors not present in India, the Act will apply to those carrying on business in India.
  • It may also include other activities such as profiling which could cause privacy harms to data principals in India.
  • 'Data principal' refers to the individual or the person providing their data.
  • Violation - The draft also provides for penalties and compensation for violations of the data protection law.
  • The penalty would be Rs.15 crore or 4% of the total worldwide turnover of any data collection/processing entity, for violating provisions.
  • Failure to take prompt action on a data security breach can attract up to Rs.5 crore or 2% of turnover as a penalty.
  • Consent - Processing of sensitive personal data should be on the basis of “explicit consent” of the data principal.
  • The consent should be given before the commencement of the processing.
  • The law will not have retrospective application.
  • Anonymisation - It is the irreversible process of transforming personal data to a form in which a data principal cannot be identified.
  • Notably, the provisions of the draft shall not apply to processing of anonymised data.
  • However, anonymisation should meet the standards specified by the Authority.
  • Right to be forgotten - The data principal will have the right to restrict or prevent continuing disclosure of personal data by a data processor.
  • But the bill does not allow for a right of total erasure as the European Union does.
  • Also, it gives a data processor considerable space in deciding on this ‘right to be forgotten.’
  • The data holder may charge a reasonable fee to be paid for complying with such requests.
  • Implementation - The law will come into force in a structured and phased manner.
  • The draft has recommended setting up a Data Protection Authority to prevent misuse of personal information.
  • The draft Bill also provides for setting up an Appellate Tribunal.

What next?

  • Srikrishna committee on Data protection has submitted the report and draft Bill to the Ministry of Electronics and Information Technology.
  • The Bill is expected to be put to widest parliamentary consultation.
  • It will go through inter-ministerial discussions and the Cabinet as well as parliamentary approval.
  • The government is not bound to accept the recommendations, but the final bill could be close to the panel’s version.


Source: The Hindu, Indian Express

Login or Register to Post Comments
There are no reviews yet. Be the first one to review.



Upsc Mains 2022